<!DOCTYPE html>
<html lang="zh-CN">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <title>Spring Security Oauth2 总结 | 寒冷如铁</title>
    <meta name="generator" content="VuePress 1.8.2">
    <link rel="icon" href="/blog/favicon.ico">
    <script language="javascript" type="text/javascript" src="https://cdn.bootcdn.net/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
    <script language="javascript" type="text/javascript" src="/blog/js/MouseClickEffect.js"></script>
    <meta name="description" content="好奇就尝试，喜欢就坚持！">
    <meta name="viewport" content="width=device-width,initial-scale=1,user-scalable=no">
    
    <link rel="preload" href="/blog/assets/css/0.styles.01ca31a9.css" as="style"><link rel="preload" href="/blog/assets/js/app.0c46c7d8.js" as="script"><link rel="preload" href="/blog/assets/js/3.5679fe00.js" as="script"><link rel="preload" href="/blog/assets/js/1.8cdd2163.js" as="script"><link rel="preload" href="/blog/assets/js/74.ddd90b9a.js" as="script"><link rel="prefetch" href="/blog/assets/js/10.0b6ffd8d.js"><link rel="prefetch" href="/blog/assets/js/11.d27e4c34.js"><link rel="prefetch" href="/blog/assets/js/12.ba5bd991.js"><link rel="prefetch" href="/blog/assets/js/13.ab5bead7.js"><link rel="prefetch" href="/blog/assets/js/14.124a0dc3.js"><link rel="prefetch" href="/blog/assets/js/15.ac521310.js"><link rel="prefetch" href="/blog/assets/js/16.b32290db.js"><link rel="prefetch" href="/blog/assets/js/17.d65c6ccd.js"><link rel="prefetch" href="/blog/assets/js/18.0a7a10ef.js"><link rel="prefetch" href="/blog/assets/js/19.e0e5e91a.js"><link rel="prefetch" href="/blog/assets/js/20.bcc0e382.js"><link rel="prefetch" href="/blog/assets/js/21.59edea58.js"><link rel="prefetch" href="/blog/assets/js/22.8239cecf.js"><link rel="prefetch" href="/blog/assets/js/23.48516c82.js"><link rel="prefetch" href="/blog/assets/js/24.4e1a046f.js"><link rel="prefetch" href="/blog/assets/js/25.56c0a228.js"><link rel="prefetch" href="/blog/assets/js/26.fb764e02.js"><link rel="prefetch" href="/blog/assets/js/27.f96c7435.js"><link rel="prefetch" href="/blog/assets/js/28.31139fa0.js"><link rel="prefetch" href="/blog/assets/js/29.fa31f05f.js"><link rel="prefetch" href="/blog/assets/js/30.49c791b1.js"><link rel="prefetch" href="/blog/assets/js/31.68660a8e.js"><link rel="prefetch" href="/blog/assets/js/32.4e07e3b0.js"><link rel="prefetch" href="/blog/assets/js/33.e08324f8.js"><link rel="prefetch" href="/blog/assets/js/34.9153a266.js"><link rel="prefetch" href="/blog/assets/js/35.49d3bb37.js"><link rel="prefetch" href="/blog/assets/js/36.5a46a47a.js"><link rel="prefetch" href="/blog/assets/js/37.2403de70.js"><link rel="prefetch" href="/blog/assets/js/38.794a3bde.js"><link rel="prefetch" href="/blog/assets/js/39.185570eb.js"><link rel="prefetch" href="/blog/assets/js/4.a5921925.js"><link rel="prefetch" href="/blog/assets/js/40.b5ddc5b2.js"><link rel="prefetch" href="/blog/assets/js/41.81f131ab.js"><link rel="prefetch" href="/blog/assets/js/42.474cb45b.js"><link rel="prefetch" href="/blog/assets/js/43.fe269b94.js"><link rel="prefetch" href="/blog/assets/js/44.123909bf.js"><link rel="prefetch" href="/blog/assets/js/45.85e17df3.js"><link rel="prefetch" href="/blog/assets/js/46.96eb5367.js"><link rel="prefetch" href="/blog/assets/js/47.2c06ceb7.js"><link rel="prefetch" href="/blog/assets/js/48.dcaa5d75.js"><link rel="prefetch" href="/blog/assets/js/49.47475370.js"><link rel="prefetch" href="/blog/assets/js/5.a6bfa893.js"><link rel="prefetch" href="/blog/assets/js/50.29aa41a9.js"><link rel="prefetch" href="/blog/assets/js/51.b049cb19.js"><link rel="prefetch" href="/blog/assets/js/52.9f16a8d1.js"><link rel="prefetch" href="/blog/assets/js/53.9ccedc0d.js"><link rel="prefetch" href="/blog/assets/js/54.c16fde39.js"><link rel="prefetch" href="/blog/assets/js/55.3d2e78cc.js"><link rel="prefetch" href="/blog/assets/js/56.14b1dddb.js"><link rel="prefetch" href="/blog/assets/js/57.a48eb0da.js"><link rel="prefetch" href="/blog/assets/js/58.db985774.js"><link rel="prefetch" href="/blog/assets/js/59.dbb67461.js"><link rel="prefetch" href="/blog/assets/js/6.d5f7873e.js"><link rel="prefetch" href="/blog/assets/js/60.fd9edd5c.js"><link rel="prefetch" href="/blog/assets/js/61.c87eaa37.js"><link rel="prefetch" href="/blog/assets/js/62.09bd4303.js"><link rel="prefetch" href="/blog/assets/js/63.c3a4cb82.js"><link rel="prefetch" href="/blog/assets/js/64.1e623e6b.js"><link rel="prefetch" href="/blog/assets/js/65.5ee98079.js"><link rel="prefetch" href="/blog/assets/js/66.875fdeb3.js"><link rel="prefetch" href="/blog/assets/js/67.52e4feee.js"><link rel="prefetch" href="/blog/assets/js/68.09bb6522.js"><link rel="prefetch" href="/blog/assets/js/69.e5cc1032.js"><link rel="prefetch" href="/blog/assets/js/7.63c57787.js"><link rel="prefetch" href="/blog/assets/js/70.a2307508.js"><link rel="prefetch" href="/blog/assets/js/71.75bc515a.js"><link rel="prefetch" href="/blog/assets/js/72.f7d10a87.js"><link rel="prefetch" href="/blog/assets/js/73.ae777bb5.js"><link rel="prefetch" href="/blog/assets/js/75.5d297adc.js"><link rel="prefetch" href="/blog/assets/js/76.299aaa21.js"><link rel="prefetch" href="/blog/assets/js/77.c93068f7.js"><link rel="prefetch" href="/blog/assets/js/78.727916c9.js"><link rel="prefetch" href="/blog/assets/js/79.605f2aff.js"><link rel="prefetch" href="/blog/assets/js/8.22284503.js"><link rel="prefetch" href="/blog/assets/js/80.0081929d.js"><link rel="prefetch" href="/blog/assets/js/9.8e870e00.js">
    <link rel="stylesheet" href="/blog/assets/css/0.styles.01ca31a9.css">
  </head>
  <body>
    <div id="app" data-server-rendered="true"><div class="theme-container" data-v-19557b78><div data-v-19557b78><div id="loader-wrapper" class="loading-wrapper" data-v-d48f4d20 data-v-19557b78 data-v-19557b78><div class="loader-main" data-v-d48f4d20><div data-v-d48f4d20></div><div data-v-d48f4d20></div><div data-v-d48f4d20></div><div data-v-d48f4d20></div></div> <!----> <!----></div> <div class="password-shadow password-wrapper-out" style="display:none;" data-v-64685f0e data-v-19557b78 data-v-19557b78><h3 class="title" style="display:none;" data-v-64685f0e data-v-64685f0e>寒冷如铁</h3> <!----> <label id="box" class="inputBox" style="display:none;" data-v-64685f0e data-v-64685f0e><input type="password" value="" data-v-64685f0e> <span data-v-64685f0e>Konck! Knock!</span> <button data-v-64685f0e>OK</button></label> <div class="footer" style="display:none;" data-v-64685f0e data-v-64685f0e><span data-v-64685f0e><i class="iconfont reco-theme" data-v-64685f0e></i> <a target="blank" href="https://vuepress-theme-reco.recoluan.com" data-v-64685f0e>vuePress-theme-reco</a></span> <span data-v-64685f0e><i class="iconfont reco-copyright" data-v-64685f0e></i> <a data-v-64685f0e><span data-v-64685f0e>寒铁</span>
            
          <span data-v-64685f0e>2020 - </span>
          2022
        </a></span></div></div> <div class="hide" data-v-19557b78><header class="navbar" data-v-19557b78><div class="sidebar-button"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <a href="/blog/" class="home-link router-link-active"><!----> <span class="site-name">寒冷如铁</span></a> <div class="links"><div class="color-picker"><a class="color-button"><i class="iconfont reco-color"></i></a> <div class="color-picker-menu" style="display:none;"><div class="mode-options"><h4 class="title">Choose mode</h4> <ul class="color-mode-options"><li class="dark">dark</li><li class="auto active">auto</li><li class="light">light</li></ul></div></div></div> <div class="search-box"><i class="iconfont reco-search"></i> <input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links can-hide"><div class="nav-item"><a href="/blog/" class="nav-link"><i class="iconfont reco-home"></i>
  首页
</a></div><div class="nav-item"><div class="dropdown-wrapper"><a class="dropdown-title"><span class="title"><i class="iconfont reco-category"></i>
      分类
    </span> <span class="arrow right"></span></a> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/blog/categories/build/" class="nav-link"><i class="iconfont undefined"></i>
  build
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/db/" class="nav-link"><i class="iconfont undefined"></i>
  db
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/docker/" class="nav-link"><i class="iconfont undefined"></i>
  docker
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/workflow/" class="nav-link"><i class="iconfont undefined"></i>
  workflow
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/git/" class="nav-link"><i class="iconfont undefined"></i>
  git
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/java/" class="nav-link"><i class="iconfont undefined"></i>
  java
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/source/" class="nav-link"><i class="iconfont undefined"></i>
  source
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/linux/" class="nav-link"><i class="iconfont undefined"></i>
  linux
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/network/" class="nav-link"><i class="iconfont undefined"></i>
  network
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/python/" class="nav-link"><i class="iconfont undefined"></i>
  python
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/project/" class="nav-link"><i class="iconfont undefined"></i>
  project
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/share/" class="nav-link"><i class="iconfont undefined"></i>
  share
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/software/" class="nav-link"><i class="iconfont undefined"></i>
  software
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/spring/" class="nav-link"><i class="iconfont undefined"></i>
  spring
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/tomcat/" class="nav-link"><i class="iconfont undefined"></i>
  tomcat
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/web/" class="nav-link"><i class="iconfont undefined"></i>
  web
</a></li></ul></div></div><div class="nav-item"><a href="/blog/tag/" class="nav-link"><i class="iconfont reco-tag"></i>
  标签
</a></div><div class="nav-item"><a href="/blog/views/guide.html" class="nav-link"><i class="iconfont reco-other"></i>
  记录
</a></div><div class="nav-item"><a href="/blog/timeline/" class="nav-link"><i class="iconfont reco-date"></i>
  时间线
</a></div><div class="nav-item"><div class="dropdown-wrapper"><a class="dropdown-title"><span class="title"><i class="iconfont reco-message"></i>
      外链
    </span> <span class="arrow right"></span></a> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="https://github.com/huhuhan" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-github"></i>
  GitHub
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://gitee.com/huhu_han" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  Gitee
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://console.leancloud.app/#/apps" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  有道云笔记
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://console.leancloud.app/#/apps" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  LeadCloud
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://cloud.seafile.com/" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  Seafile
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://huhu_han.gitee.io/downgit" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  DownGit
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li></ul></div></div> <!----></nav></div></header> <div class="sidebar-mask" data-v-19557b78></div> <aside class="sidebar" data-v-19557b78><div class="personal-info-wrapper" data-v-b038cec6><img src="/blog/avatar.png" alt="author-avatar" class="personal-img" data-v-b038cec6> <h3 class="name" data-v-b038cec6>
    寒铁
  </h3> <div class="num" data-v-b038cec6><div data-v-b038cec6><h3 data-v-b038cec6>66</h3> <h6 data-v-b038cec6>文章</h6></div> <div data-v-b038cec6><h3 data-v-b038cec6>17</h3> <h6 data-v-b038cec6>标签</h6></div></div> <hr data-v-b038cec6></div> <nav class="nav-links"><div class="nav-item"><a href="/blog/" class="nav-link"><i class="iconfont reco-home"></i>
  首页
</a></div><div class="nav-item"><div class="dropdown-wrapper"><a class="dropdown-title"><span class="title"><i class="iconfont reco-category"></i>
      分类
    </span> <span class="arrow right"></span></a> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/blog/categories/build/" class="nav-link"><i class="iconfont undefined"></i>
  build
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/db/" class="nav-link"><i class="iconfont undefined"></i>
  db
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/docker/" class="nav-link"><i class="iconfont undefined"></i>
  docker
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/workflow/" class="nav-link"><i class="iconfont undefined"></i>
  workflow
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/git/" class="nav-link"><i class="iconfont undefined"></i>
  git
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/java/" class="nav-link"><i class="iconfont undefined"></i>
  java
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/source/" class="nav-link"><i class="iconfont undefined"></i>
  source
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/linux/" class="nav-link"><i class="iconfont undefined"></i>
  linux
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/network/" class="nav-link"><i class="iconfont undefined"></i>
  network
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/python/" class="nav-link"><i class="iconfont undefined"></i>
  python
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/project/" class="nav-link"><i class="iconfont undefined"></i>
  project
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/share/" class="nav-link"><i class="iconfont undefined"></i>
  share
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/software/" class="nav-link"><i class="iconfont undefined"></i>
  software
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/spring/" class="nav-link"><i class="iconfont undefined"></i>
  spring
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/tomcat/" class="nav-link"><i class="iconfont undefined"></i>
  tomcat
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/web/" class="nav-link"><i class="iconfont undefined"></i>
  web
</a></li></ul></div></div><div class="nav-item"><a href="/blog/tag/" class="nav-link"><i class="iconfont reco-tag"></i>
  标签
</a></div><div class="nav-item"><a href="/blog/views/guide.html" class="nav-link"><i class="iconfont reco-other"></i>
  记录
</a></div><div class="nav-item"><a href="/blog/timeline/" class="nav-link"><i class="iconfont reco-date"></i>
  时间线
</a></div><div class="nav-item"><div class="dropdown-wrapper"><a class="dropdown-title"><span class="title"><i class="iconfont reco-message"></i>
      外链
    </span> <span class="arrow right"></span></a> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="https://github.com/huhuhan" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-github"></i>
  GitHub
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://gitee.com/huhu_han" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  Gitee
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://console.leancloud.app/#/apps" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  有道云笔记
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://console.leancloud.app/#/apps" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  LeadCloud
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://cloud.seafile.com/" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  Seafile
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://huhu_han.gitee.io/downgit" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  DownGit
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li></ul></div></div> <!----></nav>  <ul class="sidebar-links"><li><section class="sidebar-group depth-0"><p class="sidebar-heading open"><span>Spring Security Oauth2 总结</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/blog/views/spring/spring-security-oauth2.html#简介" class="sidebar-link">简介</a><ul class="sidebar-sub-headers"></ul></li><li><a href="/blog/views/spring/spring-security-oauth2.html#授权服务配置" class="sidebar-link">授权服务配置</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security-oauth2.html#访问安全配置" class="sidebar-link">访问安全配置</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security-oauth2.html#客户端配置" class="sidebar-link">客户端配置</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security-oauth2.html#授权接口配置" class="sidebar-link">授权接口配置</a></li></ul></li><li><a href="/blog/views/spring/spring-security-oauth2.html#资源服务配置" class="sidebar-link">资源服务配置</a><ul class="sidebar-sub-headers"></ul></li><li><a href="/blog/views/spring/spring-security-oauth2.html#基础应用优化" class="sidebar-link">基础应用优化</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security-oauth2.html#开启授权码模式" class="sidebar-link">开启授权码模式</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security-oauth2.html#开启隐式模式" class="sidebar-link">开启隐式模式</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security-oauth2.html#开启用户密码模式" class="sidebar-link">开启用户密码模式</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security-oauth2.html#开启刷新模式" class="sidebar-link">开启刷新模式</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security-oauth2.html#重写异常响应" class="sidebar-link">重写异常响应</a></li></ul></li><li><a href="/blog/views/spring/spring-security-oauth2.html#令牌扩充优化" class="sidebar-link">令牌扩充优化</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security-oauth2.html#自定义扩充" class="sidebar-link">自定义扩充</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security-oauth2.html#以jwt做令牌" class="sidebar-link">以JWT做令牌</a></li></ul></li><li><a href="/blog/views/spring/spring-security-oauth2.html#令牌存储优化" class="sidebar-link">令牌存储优化</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security-oauth2.html#jwttokenstore" class="sidebar-link">JwtTokenStore</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security-oauth2.html#jdbctokenstore" class="sidebar-link">JdbcTokenStore</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security-oauth2.html#redistokenstore" class="sidebar-link">RedisTokenStore</a></li></ul></li><li><a href="/blog/views/spring/spring-security-oauth2.html#授权码存储优化" class="sidebar-link">授权码存储优化</a><ul class="sidebar-sub-headers"></ul></li><li><a href="/blog/views/spring/spring-security-oauth2.html#授权方式优化" class="sidebar-link">授权方式优化</a><ul class="sidebar-sub-headers"></ul></li><li><a href="/blog/views/spring/spring-security-oauth2.html#源码分析" class="sidebar-link">源码分析</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security-oauth2.html#tokenendpoint" class="sidebar-link">TokenEndpoint</a></li></ul></li></ul></section></li></ul> </aside> <div class="password-shadow password-wrapper-in" style="display:none;" data-v-64685f0e data-v-19557b78><h3 class="title" style="display:none;" data-v-64685f0e data-v-64685f0e>Spring Security Oauth2 总结</h3> <!----> <label id="box" class="inputBox" style="display:none;" data-v-64685f0e data-v-64685f0e><input type="password" value="" data-v-64685f0e> <span data-v-64685f0e>Konck! Knock!</span> <button data-v-64685f0e>OK</button></label> <div class="footer" style="display:none;" data-v-64685f0e data-v-64685f0e><span data-v-64685f0e><i class="iconfont reco-theme" data-v-64685f0e></i> <a target="blank" href="https://vuepress-theme-reco.recoluan.com" data-v-64685f0e>vuePress-theme-reco</a></span> <span data-v-64685f0e><i class="iconfont reco-copyright" data-v-64685f0e></i> <a data-v-64685f0e><span data-v-64685f0e>寒铁</span>
            
          <span data-v-64685f0e>2020 - </span>
          2022
        </a></span></div></div> <div data-v-19557b78><main class="page"><div class="page-title" style="display:none;"><h1>Spring Security Oauth2 总结</h1> <hr> <div data-v-484a899e><i class="iconfont reco-account" data-v-484a899e><span data-v-484a899e>寒铁</span></i> <i class="iconfont reco-date" data-v-484a899e><span data-v-484a899e>2021-01-21</span></i> <i class="iconfont reco-eye" data-v-484a899e><span id="/blog/views/spring/spring-security-oauth2.html" data-flag-title="Your Article Title" class="leancloud-visitors" data-v-484a899e><a class="leancloud-visitors-count" style="font-size:.9rem;font-weight:normal;color:#999;"></a></span></i> <i class="iconfont reco-tag tags" data-v-484a899e><span class="tag-item" data-v-484a899e>
      spring
    </span><span class="tag-item" data-v-484a899e>
      source
    </span></i></div></div> <div class="theme-reco-content content__default" style="display:none;"><blockquote><p>前提是了解<a href="/blog/views/spring/spring-security.html">Spring Security</a></p></blockquote> <h2 id="简介"><a href="#简介" class="header-anchor">#</a> 简介</h2> <p>即引入依赖包，默认加载的<code>AuthorizationServerEndpointsConfiguration</code></p> <div class="language-xml line-numbers-mode"><pre class="language-xml"><code>        <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>dependency</span><span class="token punctuation">&gt;</span></span>
            <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>groupId</span><span class="token punctuation">&gt;</span></span>org.springframework.cloud<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>groupId</span><span class="token punctuation">&gt;</span></span>
            <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>artifactId</span><span class="token punctuation">&gt;</span></span>spring-cloud-starter-oauth2<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>artifactId</span><span class="token punctuation">&gt;</span></span>
        <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>dependency</span><span class="token punctuation">&gt;</span></span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br></div></div><p>该类会初始化注入以下的Endpoint类，包括以下：</p> <ul><li><strong>AuthorizationEndpoint</strong>：授权，对应请求<code>/oauth/authorize</code></li> <li><strong>TokenEndpoint</strong>：认证，对应请求<code>/oauth/token</code></li> <li>CheckTokenEndpoint，对应请求<code>/oauth/error</code></li> <li>WhitelabelApprovalEndpoint，对应请求<code>/oauth/confirm_access</code></li> <li>WhitelabelErrorEndpoint，对应请求<code>/oauth/error</code></li></ul> <p>相对<strong>Spring Security</strong>的<code>WebSecurityConfigurerAdapter</code>，oauth2有两种安全配置</p> <ul><li>授权服务配置<code>AuthorizationServerConfigurerAdapter</code></li> <li>资源服务配置<code>ResourceServerConfigurerAdapter</code> <ul><li>默认注解<code>EnableResourceServer</code>的配置也是继承<code>WebSecurityConfigurerAdapter</code>实现的</li> <li><strong>WebFlux</strong>版的比如<strong>Spring Cloud Gateway</strong>，则重定义<code>SecurityWebFilterChain</code></li></ul></li></ul> <h2 id="授权服务配置"><a href="#授权服务配置" class="header-anchor">#</a> 授权服务配置</h2> <p>这个系统暂称为【授权中心】，自定义授权配置类，继承<code>AuthorizationServerConfigurerAdapter</code>类，通过实现以下三种<code>configure</code>方法来配置。<strong>最简单的配置</strong>，如下</p> <h3 id="访问安全配置"><a href="#访问安全配置" class="header-anchor">#</a> 访问安全配置</h3> <p>框架<code>EndpointRequest</code>的访问安全配置。其他请求的访问安全按<strong>Spring  Security</strong>的安全配置。</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">AuthorizationServerSecurityConfigurer</span> security<span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
        security
                <span class="token comment">//设置/oauth/check_token可以无权访问，给资源服务远程访问用</span>
                <span class="token punctuation">.</span><span class="token function">checkTokenAccess</span><span class="token punctuation">(</span><span class="token string">&quot;permitAll()&quot;</span><span class="token punctuation">)</span>
            	<span class="token comment">//可选，默认client_id以及client_secret要求以basic auth加密形式请求</span>
                <span class="token punctuation">.</span><span class="token function">allowFormAuthenticationForClients</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br></div></div><h3 id="客户端配置"><a href="#客户端配置" class="header-anchor">#</a> 客户端配置</h3> <p>所有客户端或应用需要先注册到【授权中心】中，客户端根据密钥来【授权中心】获取授权令牌</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>	<span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">ClientDetailsServiceConfigurer</span> clients<span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
        <span class="token comment">//从内存中加载客户端信息</span>
        clients<span class="token punctuation">.</span><span class="token function">inMemory</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
                <span class="token comment">//客户端ID，必填</span>
                <span class="token punctuation">.</span><span class="token function">withClient</span><span class="token punctuation">(</span><span class="token string">&quot;client_demo&quot;</span><span class="token punctuation">)</span>
                <span class="token comment">//客户端秘钥, security5.0后要求秘钥加密</span>
                <span class="token punctuation">.</span><span class="token function">secret</span><span class="token punctuation">(</span>passwordEncode<span class="token punctuation">.</span><span class="token function">encode</span><span class="token punctuation">(</span><span class="token string">&quot;secret_client_demo&quot;</span><span class="token punctuation">)</span><span class="token punctuation">)</span>
                <span class="token comment">//作用域</span>
                <span class="token punctuation">.</span><span class="token function">scopes</span><span class="token punctuation">(</span><span class="token string">&quot;all&quot;</span><span class="token punctuation">)</span>
                <span class="token comment">//支持的授权模式，最简化配置仅客户端模式可用</span>
                <span class="token punctuation">.</span><span class="token function">authorizedGrantTypes</span><span class="token punctuation">(</span><span class="token class-name">AuthorizationGrantType</span><span class="token punctuation">.</span>CLIENT_CREDENTIALS<span class="token punctuation">.</span><span class="token function">getValue</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span>
                <span class="token comment">//授权客户端的权限</span>
                <span class="token punctuation">.</span><span class="token function">authorities</span><span class="token punctuation">(</span><span class="token string">&quot;client_x&quot;</span><span class="token punctuation">)</span>
                <span class="token comment">//访问token时效，秒</span>
                <span class="token punctuation">.</span><span class="token function">accessTokenValiditySeconds</span><span class="token punctuation">(</span><span class="token number">3600</span><span class="token punctuation">)</span>
        <span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br></div></div><p>这里的密码加密接口，用官方提供的方式，也可以自定义实现类</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>    <span class="token annotation punctuation">@Bean</span>
    <span class="token keyword">public</span> <span class="token class-name">PasswordEncoder</span> <span class="token function">passwordEncoder</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token comment">// 官方包默认提供加密方式 bcrypt</span>
        <span class="token keyword">return</span> <span class="token class-name">PasswordEncoderFactories</span><span class="token punctuation">.</span><span class="token function">createDelegatingPasswordEncoder</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br></div></div><h3 id="授权接口配置"><a href="#授权接口配置" class="header-anchor">#</a> 授权接口配置</h3> <div class="language-java line-numbers-mode"><pre class="language-java"><code>    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">AuthorizationServerEndpointsConfigurer</span> endpoints<span class="token punctuation">)</span> <span class="token punctuation">{</span>
		<span class="token comment">// 可直接用默认配置</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br></div></div><blockquote><p>postman测试数据。<strong>默认配置，仅支持客户端模式</strong>，其中客户端密钥必须通过<strong>Basic加密</strong>请求发送</p> <div class="language-go line-numbers-mode"><pre class="language-go"><code>curl <span class="token operator">--</span>location <span class="token operator">--</span>request POST <span class="token string">'http://127.0.0.1:9001/oauth/token'</span> \
<span class="token operator">--</span>header <span class="token string">'Authorization: Basic Y2xpZW50X2RlbW86c2VjcmV0X2NsaWVudF9kZW1v'</span> \
<span class="token operator">--</span>header <span class="token string">'Content-Type: application/x-www-form-urlencoded'</span> \
<span class="token operator">--</span>header <span class="token string">'Cookie: JSESSIONID=29B28EF13769F2EECDBFC7C6EC54A573'</span> \
<span class="token operator">--</span>data<span class="token operator">-</span>urlencode <span class="token string">'grant_type=client_credentials'</span> \
<span class="token operator">--</span>data<span class="token operator">-</span>urlencode <span class="token string">'scope=all'</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br></div></div><div class="language-go line-numbers-mode"><pre class="language-go"><code><span class="token punctuation">{</span>
    <span class="token string">&quot;token&quot;</span><span class="token punctuation">:</span> <span class="token string">&quot;035568f9-6292-4232-87af-a8f94feb872b&quot;</span><span class="token punctuation">,</span>
    <span class="token string">&quot;refreshToken&quot;</span><span class="token punctuation">:</span> null<span class="token punctuation">,</span>
    <span class="token string">&quot;tokenHead&quot;</span><span class="token punctuation">:</span> <span class="token string">&quot;Bearer &quot;</span><span class="token punctuation">,</span>
    <span class="token string">&quot;expiresIn&quot;</span><span class="token punctuation">:</span> <span class="token number">3599</span><span class="token punctuation">,</span>
    <span class="token string">&quot;scope&quot;</span><span class="token punctuation">:</span> <span class="token punctuation">[</span>
        <span class="token string">&quot;all&quot;</span>
    <span class="token punctuation">]</span>
<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br></div></div></blockquote> <h2 id="资源服务配置"><a href="#资源服务配置" class="header-anchor">#</a> 资源服务配置</h2> <p>比如某业务服务需要做资源保护，默认使用，只需如下配置。原因参考<a href="#%E4%BB%A4%E7%89%8C%E6%89%A9%E5%85%85%E4%BC%98%E5%8C%96">令牌扩充优化</a></p> <ol><li><p>添加注解<code>@EnableResourceServer</code></p></li> <li><p>远程验证配置，即请求上面【授权中心】进行令牌的验证</p> <div class="language-yaml line-numbers-mode"><pre class="language-yaml"><code><span class="token comment">#作为需要oauth授权认证的资源客户端</span>
<span class="token key atrule">security</span><span class="token punctuation">:</span>
  <span class="token key atrule">oauth2</span><span class="token punctuation">:</span>
    <span class="token key atrule">client</span><span class="token punctuation">:</span>
      <span class="token key atrule">client-id</span><span class="token punctuation">:</span> client_demo
      <span class="token key atrule">client-secret</span><span class="token punctuation">:</span> secret_client_demo
    <span class="token key atrule">resource</span><span class="token punctuation">:</span>
      <span class="token key atrule">token-info-uri</span><span class="token punctuation">:</span> http<span class="token punctuation">:</span>//localhost<span class="token punctuation">:</span>9001/oauth/check_token
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br></div></div></li></ol> <blockquote><p>自定义则继承<code>ResourceServerConfigurerAdapter</code>，就是Spring Security中的<code>WebSecurityConfigurerAdapter</code></p></blockquote> <h2 id="基础应用优化"><a href="#基础应用优化" class="header-anchor">#</a> 基础应用优化</h2> <p>以下基础扩展配置的demo项目，可以直接参考<a href="/blog/views/spring/oauth2.html">Spring Security Oauth2 Demo</a></p> <h3 id="开启授权码模式"><a href="#开启授权码模式" class="header-anchor">#</a> 开启授权码模式</h3> <p>类似QQ授权给第三方应用。访问跳转至QQ，检查是否已登录，是否授权，确认授权，跳转回第三方应用地址拿到授权码或令牌。这里QQ就是【授权中心】，客户端服务即第三方应用。</p> <ul><li><p>客户端配置</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>	<span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">ClientDetailsServiceConfigurer</span> clients<span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
        clients<span class="token punctuation">.</span><span class="token function">inMemory</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
            	<span class="token comment">// 补充 authorization_code 模式</span>
                <span class="token punctuation">.</span><span class="token function">authorizedGrantTypes</span><span class="token punctuation">(</span>
                        <span class="token class-name">AuthorizationGrantType</span><span class="token punctuation">.</span>AUTHORIZATION_CODE<span class="token punctuation">.</span><span class="token function">getValue</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
                        <span class="token class-name">AuthorizationGrantType</span><span class="token punctuation">.</span>CLIENT_CREDENTIALS<span class="token punctuation">.</span><span class="token function">getValue</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
                <span class="token comment">//授权客户端的权限</span>
                <span class="token punctuation">.</span><span class="token function">authorities</span><span class="token punctuation">(</span><span class="token string">&quot;client_x&quot;</span><span class="token punctuation">)</span>
                <span class="token comment">//demo：authorization_code方式，需要重定向地址参数，响应的code验证码会加载该地址后面</span>
                <span class="token punctuation">.</span><span class="token function">redirectUris</span><span class="token punctuation">(</span><span class="token string">&quot;http://www.baidu.com&quot;</span><span class="token punctuation">)</span>
                <span class="token comment">//刷新token时效，秒</span>
                <span class="token punctuation">.</span><span class="token function">refreshTokenValiditySeconds</span><span class="token punctuation">(</span><span class="token number">3600</span><span class="token punctuation">)</span>
                <span class="token comment">//访问token时效，秒</span>
                <span class="token punctuation">.</span><span class="token function">accessTokenValiditySeconds</span><span class="token punctuation">(</span><span class="token number">3600</span><span class="token punctuation">)</span>
        <span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br></div></div></li> <li><p><strong>Spring Security</strong>作为【授权中心】的安全认证，通过<code>WebSecurityConfigurerAdapter</code>实现</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code><span class="token annotation punctuation">@EnableWebSecurity</span>
<span class="token keyword">public</span> <span class="token keyword">class</span> <span class="token class-name">MyWebSecurityConfig</span> <span class="token keyword">extends</span> <span class="token class-name">WebSecurityConfigurerAdapter</span> <span class="token punctuation">{</span>
    <span class="token comment">/**
     * 实例化认证管理对象，建议采用默认生成，包括认证程序等系列的逻辑
     * 自己定义的话，可以参考AuthenticationManagerBuilder初始化
     *
     * @return 认证管理对象
     * @throws Exception 认证异常信息
     */</span>
    <span class="token annotation punctuation">@Bean</span>
    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token class-name">AuthenticationManager</span> <span class="token function">authenticationManagerBean</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
        <span class="token keyword">return</span> <span class="token keyword">super</span><span class="token punctuation">.</span><span class="token function">authenticationManagerBean</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
    
    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">protected</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">HttpSecurity</span> http<span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
        <span class="token comment">// 默认即可自带登录页面，也可自定义配置</span>
        <span class="token keyword">super</span><span class="token punctuation">.</span><span class="token function">configure</span><span class="token punctuation">(</span>http<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br><span class="line-number">21</span><br></div></div><p>自定义实现类，重写用户凭证加载方法</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code><span class="token annotation punctuation">@Component</span>
<span class="token keyword">public</span> <span class="token keyword">class</span> <span class="token class-name">MyUserDetailsServiceImpl</span> <span class="token keyword">implements</span> <span class="token class-name">UserDetailsService</span> <span class="token punctuation">{</span>
  <span class="token comment">/**
     * 实际应该通过用户名去数据库找用户
     * 这里的扩展内容很多，自由发挥
     */</span>
  <span class="token annotation punctuation">@Override</span>
  <span class="token keyword">public</span> <span class="token class-name">UserDetails</span> <span class="token function">loadUserByUsername</span><span class="token punctuation">(</span><span class="token class-name">String</span> username<span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">UsernameNotFoundException</span> <span class="token punctuation">{</span>
      <span class="token class-name">System</span><span class="token punctuation">.</span>out<span class="token punctuation">.</span><span class="token function">println</span><span class="token punctuation">(</span><span class="token string">&quot;loginName=&quot;</span> <span class="token operator">+</span> loginName<span class="token punctuation">)</span><span class="token punctuation">;</span>
      <span class="token class-name">List</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">GrantedAuthority</span><span class="token punctuation">&gt;</span></span> list <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">ArrayList</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">GrantedAuthority</span><span class="token punctuation">&gt;</span></span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
      list<span class="token punctuation">.</span><span class="token function">add</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">SimpleGrantedAuthority</span><span class="token punctuation">(</span><span class="token string">&quot;ROLE_USER&quot;</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
      <span class="token class-name">User</span> auth_user <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">User</span><span class="token punctuation">(</span><span class="token string">&quot;test&quot;</span><span class="token punctuation">,</span> passwordEncode<span class="token punctuation">.</span><span class="token function">encode</span><span class="token punctuation">(</span><span class="token string">&quot;123456&quot;</span><span class="token punctuation">)</span><span class="token punctuation">,</span> list<span class="token punctuation">)</span><span class="token punctuation">;</span>
      <span class="token keyword">return</span> auth_user<span class="token punctuation">;</span>
  <span class="token punctuation">}</span> 
<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br></div></div></li></ul> <blockquote><p>postman测试数据。redirect_uri地址一由是后端服务地址解析。</p> <ol><li><p>比如百度访问授权地址，会跳转到【授权中心】的登录页，即Spring Security的安全认证</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>http://127.0.0.1:9001/oauth/authorize?client_id=client_demo&amp;redirect_uri=http://www.baidu.com&amp;response_type=code&amp;scope=all
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div></li> <li><p>登录成功后，跳转内置的授权页面，选择授权，即跳转会redirect_uri的地址并带上code</p></li></ol> <div class="language- line-numbers-mode"><pre class="language-text"><code>https://www.baidu.com/?code=StnlSz
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><ol start="3"><li><p>带code访问【授权中心】，获取token</p> <div class="language-go line-numbers-mode"><pre class="language-go"><code>curl <span class="token operator">--</span>location <span class="token operator">--</span>request POST <span class="token string">'http://127.0.0.1:9001/oauth/token'</span> \
<span class="token operator">--</span>header <span class="token string">'Content-Type: application/x-www-form-urlencoded'</span> \
<span class="token operator">--</span>header <span class="token string">'Authorization: Basic Y2xpZW50X2RlbW86c2VjcmV0X2NsaWVudF9kZW1v'</span> \
<span class="token operator">--</span>header <span class="token string">'Cookie: JSESSIONID=5A7642A47D5D5B384CF5530C948AE572'</span> \
<span class="token operator">--</span>data<span class="token operator">-</span>urlencode <span class="token string">'grant_type=authorization_code'</span> \
<span class="token operator">--</span>data<span class="token operator">-</span>urlencode <span class="token string">'code=StnlSz'</span> \
<span class="token operator">--</span>data<span class="token operator">-</span>urlencode <span class="token string">'redirect_uri=http://www.baidu.com'</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br></div></div></li></ol></blockquote> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/pic/FjCN-FU4Rgf4ghC02MJDiQLyM9OQ.png" alt=""></p> <h3 id="开启隐式模式"><a href="#开启隐式模式" class="header-anchor">#</a> 开启隐式模式</h3> <p>和授权码模式类似，授权后直接返回令牌，而不是授权码。</p> <ul><li><p>客户端配置中补充授权方式<code>implicit</code></p> <div class="language-java line-numbers-mode"><pre class="language-java"><code><span class="token punctuation">.</span><span class="token function">authorizedGrantTypes</span><span class="token punctuation">(</span><span class="token class-name">AuthorizationGrantType</span><span class="token punctuation">.</span>IMPLICIT<span class="token punctuation">.</span><span class="token function">getValue</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
                        <span class="token class-name">AuthorizationGrantType</span><span class="token punctuation">.</span>AUTHORIZATION_CODE<span class="token punctuation">.</span><span class="token function">getValue</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
                        <span class="token class-name">AuthorizationGrantType</span><span class="token punctuation">.</span>REFRESH_TOKEN<span class="token punctuation">.</span><span class="token function">getValue</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
                        <span class="token class-name">AuthorizationGrantType</span><span class="token punctuation">.</span>CLIENT_CREDENTIALS<span class="token punctuation">.</span><span class="token function">getValue</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
                        <span class="token class-name">AuthorizationGrantType</span><span class="token punctuation">.</span>PASSWORD<span class="token punctuation">.</span><span class="token function">getValue</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br></div></div></li></ul> <blockquote><p>postman测试数据，这里response_type值为token</p> <div class="language-go line-numbers-mode"><pre class="language-go"><code>http<span class="token punctuation">:</span><span class="token operator">/</span><span class="token operator">/</span><span class="token number">127.0</span><span class="token number">.0</span><span class="token number">.1</span><span class="token punctuation">:</span><span class="token number">9001</span><span class="token operator">/</span>oauth<span class="token operator">/</span>authorize?client_id<span class="token operator">=</span>client_demo<span class="token operator">&amp;</span>redirect_uri<span class="token operator">=</span>http<span class="token punctuation">:</span><span class="token operator">/</span><span class="token operator">/</span>www<span class="token punctuation">.</span>baidu<span class="token punctuation">.</span>com<span class="token operator">&amp;</span>response_type<span class="token operator">=</span>token<span class="token operator">&amp;</span>scope<span class="token operator">=</span>all
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>响应数据都会拼接在跳转地址后</p> <div class="language-go line-numbers-mode"><pre class="language-go"><code>https<span class="token punctuation">:</span><span class="token operator">/</span><span class="token operator">/</span>www<span class="token punctuation">.</span>baidu<span class="token punctuation">.</span>com<span class="token operator">/</span>#access_token<span class="token operator">=</span>af0b23b5<span class="token operator">-</span><span class="token number">7</span>be8<span class="token operator">-</span><span class="token number">449e-904</span>c<span class="token operator">-</span><span class="token number">405</span>efc7ab7bc<span class="token operator">&amp;</span>token_type<span class="token operator">=</span>bearer<span class="token operator">&amp;</span>expires_in<span class="token operator">=</span><span class="token number">3415</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div></blockquote> <h3 id="开启用户密码模式"><a href="#开启用户密码模式" class="header-anchor">#</a> 开启用户密码模式</h3> <p>在上面基础上补充：</p> <ul><li><p>客户端配置</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">ClientDetailsServiceConfigurer</span> clients<span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
        clients<span class="token punctuation">.</span><span class="token function">inMemory</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
                <span class="token comment">// 补充 password 模式</span>
                <span class="token punctuation">.</span><span class="token function">authorizedGrantTypes</span><span class="token punctuation">(</span>
                        <span class="token class-name">AuthorizationGrantType</span><span class="token punctuation">.</span>CLIENT_CREDENTIALS<span class="token punctuation">.</span><span class="token function">getValue</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
            			<span class="token class-name">AuthorizationGrantType</span><span class="token punctuation">.</span>AUTHORIZATION_CODE<span class="token punctuation">.</span><span class="token function">getValue</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
                        <span class="token class-name">AuthorizationGrantType</span><span class="token punctuation">.</span>PASSWORD<span class="token punctuation">.</span><span class="token function">getValue</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span>
        <span class="token punctuation">;</span>
        <span class="token comment">// 其他配置不显示了，参考上面配置</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br></div></div></li> <li><p>Spring Security配置，一样需要基础的安全认证</p></li> <li><p>授权接口配置</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">AuthorizationServerEndpointsConfigurer</span> endpoints<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token comment">/**
         * 默认支持4种模式，添加后authenticationManager才支持password模式
         * 参考{@link AuthorizationServerEndpointsConfigurer 的getDefaultTokenGranters()方法}
         */</span>
       endpoints<span class="token punctuation">.</span><span class="token function">authenticationManager</span><span class="token punctuation">(</span>authenticationManager<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br></div></div></li></ul> <blockquote><p>postman测试数据。对比客户端模式，多了refreshToken值，即可刷新token</p> <div class="language-go line-numbers-mode"><pre class="language-go"><code>curl <span class="token operator">--</span>location <span class="token operator">--</span>request POST <span class="token string">'http://127.0.0.1:9001/oauth/token'</span> \
<span class="token operator">--</span>header <span class="token string">'Authorization: Bearer eac37e5d-38c2-41d4-9577-e7fa32657172'</span> \
<span class="token operator">--</span>header <span class="token string">'Content-Type: application/x-www-form-urlencoded'</span> \
<span class="token operator">--</span>header <span class="token string">'Cookie: JSESSIONID=314C5B81124B30EB1DD91009193668F4'</span> \
<span class="token operator">--</span>data<span class="token operator">-</span>urlencode <span class="token string">'grant_type=password'</span> \
<span class="token operator">--</span>data<span class="token operator">-</span>urlencode <span class="token string">'client_id=client_demo'</span> \
<span class="token operator">--</span>data<span class="token operator">-</span>urlencode <span class="token string">'client_secret=secret_client_demo'</span> \
<span class="token operator">--</span>data<span class="token operator">-</span>urlencode <span class="token string">'scope=all'</span> \
<span class="token operator">--</span>data<span class="token operator">-</span>urlencode <span class="token string">'username=test'</span> \
<span class="token operator">--</span>data<span class="token operator">-</span>urlencode <span class="token string">'password=123456'</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br></div></div><div class="language-go line-numbers-mode"><pre class="language-go"><code><span class="token punctuation">{</span>
    <span class="token string">&quot;token&quot;</span><span class="token punctuation">:</span> <span class="token string">&quot;eac37e5d-38c2-41d4-9577-e7fa32657172&quot;</span><span class="token punctuation">,</span>
    <span class="token string">&quot;refreshToken&quot;</span><span class="token punctuation">:</span> <span class="token string">&quot;c8ea09b8-acaf-4939-a597-28461f762bf5&quot;</span><span class="token punctuation">,</span>
    <span class="token string">&quot;tokenHead&quot;</span><span class="token punctuation">:</span> <span class="token string">&quot;Bearer &quot;</span><span class="token punctuation">,</span>
    <span class="token string">&quot;expiresIn&quot;</span><span class="token punctuation">:</span> <span class="token number">2292</span><span class="token punctuation">,</span>
    <span class="token string">&quot;scope&quot;</span><span class="token punctuation">:</span> <span class="token punctuation">[</span>
        <span class="token string">&quot;all&quot;</span>
    <span class="token punctuation">]</span>
<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br></div></div></blockquote> <h3 id="开启刷新模式"><a href="#开启刷新模式" class="header-anchor">#</a> 开启刷新模式</h3> <p>上面用户密码模式请求结果是有refreshToken值的，即可以在有效期内请求刷新延迟token有效期</p> <ul><li><p>客户端配置</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>   <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">ClientDetailsServiceConfigurer</span> clients<span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
        clients<span class="token punctuation">.</span><span class="token function">inMemory</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
                <span class="token comment">// 补充 refresh_token 模式</span>
                <span class="token punctuation">.</span><span class="token function">authorizedGrantTypes</span><span class="token punctuation">(</span>
            			<span class="token class-name">AuthorizationGrantType</span><span class="token punctuation">.</span>AUTHORIZATION_CODE<span class="token punctuation">.</span><span class="token function">getValue</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
                        <span class="token class-name">AuthorizationGrantType</span><span class="token punctuation">.</span>REFRESH_TOKEN<span class="token punctuation">.</span><span class="token function">getValue</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
                        <span class="token class-name">AuthorizationGrantType</span><span class="token punctuation">.</span>CLIENT_CREDENTIALS<span class="token punctuation">.</span><span class="token function">getValue</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
                        <span class="token class-name">AuthorizationGrantType</span><span class="token punctuation">.</span>PASSWORD<span class="token punctuation">.</span><span class="token function">getValue</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span>
                <span class="token comment">//刷新token时效，秒</span>
                <span class="token punctuation">.</span><span class="token function">refreshTokenValiditySeconds</span><span class="token punctuation">(</span><span class="token number">3600</span><span class="token punctuation">)</span>
        <span class="token punctuation">;</span>
        <span class="token comment">// 其他配置不显示了，参考上面配置</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br></div></div></li> <li><p>Spring Security配置，一样需要基础的安全认证</p></li> <li><p>授权接口配置</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">AuthorizationServerEndpointsConfigurer</span> endpoints<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        endpoints<span class="token punctuation">.</span><span class="token function">authenticationManager</span><span class="token punctuation">(</span>authenticationManager<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">// 必须指定userDetailsService，参考源码配置</span>
        endpoints<span class="token punctuation">.</span><span class="token function">userDetailsService</span><span class="token punctuation">(</span>userDetailsService<span class="token punctuation">)</span><span class="token punctuation">;</span>
       	<span class="token comment">// 其他配置不显示了，参考上面配置</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br></div></div></li></ul> <blockquote><p>postman测试数据。刷新请求后，旧token值就直接无效了</p> <div class="language-go line-numbers-mode"><pre class="language-go"><code>curl <span class="token operator">--</span>location <span class="token operator">--</span>request POST <span class="token string">'http://127.0.0.1:9001/oauth/token'</span> \
<span class="token operator">--</span>header <span class="token string">'Content-Type: application/x-www-form-urlencoded'</span> \
<span class="token operator">--</span>header <span class="token string">'Authorization: Basic Y2xpZW50X2RlbW86c2VjcmV0X2NsaWVudF9kZW1v'</span> \
<span class="token operator">--</span>header <span class="token string">'Cookie: JSESSIONID=BC472F0EF185AD43A4B90DFC77548D43'</span> \
<span class="token operator">--</span>data<span class="token operator">-</span>urlencode <span class="token string">'grant_type=refresh_token'</span> \
<span class="token operator">--</span>data<span class="token operator">-</span>urlencode <span class="token string">'refresh_token=a1fa8683-ce33-432f-ba32-c89d021c1605'</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br></div></div></blockquote> <h3 id="重写异常响应"><a href="#重写异常响应" class="header-anchor">#</a> 重写异常响应</h3> <p>在<code>ResourceServerConfigurerAdapter</code>中配置，主要涉及以下几个接口</p> <div class="language-go line-numbers-mode"><pre class="language-go"><code><span class="token number">1.</span> AuthenticationEntryPoint<span class="token punctuation">:</span> 无身份认证对象访问，<span class="token number">401</span>需要身份认证
<span class="token number">2.</span> AccessDeniedHandler<span class="token punctuation">:</span> 已登录无权访问，<span class="token number">403</span>正确请求但拒绝请求
<span class="token number">3.</span> LogoutSuccessHandler<span class="token punctuation">:</span> 成功退出登录后拦截处理
<span class="token number">4.</span> LogoutHandler<span class="token punctuation">:</span> 退出登录，拦截处理
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br></div></div><div class="language-java line-numbers-mode"><pre class="language-java"><code>    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">ResourceServerSecurityConfigurer</span> resources<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        resources<span class="token punctuation">.</span><span class="token function">stateless</span><span class="token punctuation">(</span><span class="token boolean">true</span><span class="token punctuation">)</span>
                <span class="token punctuation">.</span><span class="token function">authenticationEntryPoint</span><span class="token punctuation">(</span>authenticationEntryPoint<span class="token punctuation">)</span>
                <span class="token punctuation">.</span><span class="token function">expressionHandler</span><span class="token punctuation">(</span>expressionHandler<span class="token punctuation">)</span>
                <span class="token punctuation">.</span><span class="token function">accessDeniedHandler</span><span class="token punctuation">(</span>accessDeniedHandler<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>

    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token class-name">HttpSecurity</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">HttpSecurity</span> http<span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
        <span class="token comment">// 退出处理</span>
        http<span class="token punctuation">.</span><span class="token function">logout</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
                <span class="token punctuation">.</span><span class="token function">addLogoutHandler</span><span class="token punctuation">(</span>logoutHandler<span class="token punctuation">)</span>
                <span class="token punctuation">.</span><span class="token function">logoutSuccessHandler</span><span class="token punctuation">(</span>logoutSuccessHandler<span class="token punctuation">)</span>
                <span class="token comment">// 清除上下文对象中的认证对象</span>
                <span class="token punctuation">.</span><span class="token function">clearAuthentication</span><span class="token punctuation">(</span><span class="token boolean">true</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token keyword">return</span> http<span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br></div></div><h2 id="令牌扩充优化"><a href="#令牌扩充优化" class="header-anchor">#</a> 令牌扩充优化</h2> <blockquote><p>即扩展响应对象。可以参考源码的请求<code>/oauth/token</code>类<code>TokenEndpoint</code>，响应对象<code>OAuth2AccessToken</code>。主要接口<code>TokenEnhancer</code>就是将数据扩充到响应对象<code>OAuth2AccessToken</code>的additionalInformation属性中。</p></blockquote> <blockquote><p>下面两种方式都是基于<code>DefaultTokenServices</code>生成token、refreshToken的</p></blockquote> <h3 id="自定义扩充"><a href="#自定义扩充" class="header-anchor">#</a> 自定义扩充</h3> <ul><li><p>自定义实现<code>TokenEnhancer</code>接口</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>	<span class="token annotation punctuation">@Bean</span>
    <span class="token keyword">public</span> <span class="token class-name">TokenEnhancer</span> <span class="token function">tokenEnhancer</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token keyword">return</span> <span class="token keyword">new</span> <span class="token class-name">TokenEnhancer</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
            <span class="token annotation punctuation">@Override</span>
            <span class="token keyword">public</span> <span class="token class-name">OAuth2AccessToken</span> <span class="token function">enhance</span><span class="token punctuation">(</span><span class="token class-name">OAuth2AccessToken</span> accessToken<span class="token punctuation">,</span> <span class="token class-name">OAuth2Authentication</span> authentication<span class="token punctuation">)</span> <span class="token punctuation">{</span>
                <span class="token class-name">Authentication</span> userAuthentication <span class="token operator">=</span> authentication<span class="token punctuation">.</span><span class="token function">getUserAuthentication</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
                <span class="token keyword">if</span> <span class="token punctuation">(</span>userAuthentication <span class="token operator">!=</span> <span class="token keyword">null</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
                    <span class="token class-name">String</span> userName <span class="token operator">=</span> userAuthentication<span class="token punctuation">.</span><span class="token function">getName</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
                    <span class="token comment">//数据库查询用户，加到token中</span>
                    <span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token keyword">null</span> <span class="token operator">!=</span> userName <span class="token operator">||</span> <span class="token boolean">true</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
                        <span class="token class-name">Map</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">String</span><span class="token punctuation">,</span> <span class="token class-name">Object</span><span class="token punctuation">&gt;</span></span> additionalInformation <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">HashMap</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token punctuation">&gt;</span></span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
                        <span class="token class-name">Map</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">String</span><span class="token punctuation">,</span> <span class="token class-name">Object</span><span class="token punctuation">&gt;</span></span> map <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">HashMap</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token punctuation">&gt;</span></span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
                        map<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token string">&quot;userName&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;admin&quot;</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
                        map<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token string">&quot;createTime&quot;</span><span class="token punctuation">,</span> <span class="token keyword">new</span> <span class="token class-name">Date</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">toString</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
                        map<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token string">&quot;gender&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;男&quot;</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
                        additionalInformation<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token string">&quot;roles&quot;</span><span class="token punctuation">,</span> <span class="token class-name">Arrays</span><span class="token punctuation">.</span><span class="token function">asList</span><span class="token punctuation">(</span><span class="token string">&quot;admin&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;person&quot;</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
                        additionalInformation<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token string">&quot;user&quot;</span><span class="token punctuation">,</span> map<span class="token punctuation">)</span><span class="token punctuation">;</span><span class="token comment">//GsonUtil.toJson(map));</span>
                        <span class="token punctuation">(</span><span class="token punctuation">(</span><span class="token class-name">DefaultOAuth2AccessToken</span><span class="token punctuation">)</span> accessToken<span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">setAdditionalInformation</span><span class="token punctuation">(</span>additionalInformation<span class="token punctuation">)</span><span class="token punctuation">;</span>
                    <span class="token punctuation">}</span>
                <span class="token punctuation">}</span>
                <span class="token keyword">return</span> accessToken<span class="token punctuation">;</span>
            <span class="token punctuation">}</span>
        <span class="token punctuation">}</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br><span class="line-number">21</span><br><span class="line-number">22</span><br><span class="line-number">23</span><br><span class="line-number">24</span><br></div></div></li> <li><p>授权接口配置</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">AuthorizationServerEndpointsConfigurer</span> endpoints<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        endpoints<span class="token punctuation">.</span><span class="token function">authenticationManager</span><span class="token punctuation">(</span>authenticationManager<span class="token punctuation">)</span><span class="token punctuation">;</span>
        endpoints<span class="token punctuation">.</span><span class="token function">userDetailsService</span><span class="token punctuation">(</span>userDetailsService<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">// 配置令牌增强器</span>
        endpoints<span class="token punctuation">.</span><span class="token function">tokenEnhancer</span><span class="token punctuation">(</span>tokenEnhancer<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br></div></div></li></ul> <h3 id="以jwt做令牌"><a href="#以jwt做令牌" class="header-anchor">#</a> 以JWT做令牌</h3> <ul><li><p>密钥，可以用<a href="http://huhu_han.gitee.io/blog/views/software/jdk-keytool.html#%E7%94%9F%E6%88%90%E7%A7%98%E9%92%A5" target="_blank" rel="noopener noreferrer">JDK自带工具keytool.exe<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>生成，密钥文件xx.jks放在相对目录下</p></li> <li><p>自定义令牌转发器。</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>	<span class="token annotation punctuation">@Bean</span>
    <span class="token keyword">public</span> <span class="token class-name">JwtAccessTokenConverter</span> <span class="token function">jwtAccessTokenConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token class-name">KeyStoreKeyFactory</span> keyStoreKeyFactory <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">KeyStoreKeyFactory</span><span class="token punctuation">(</span>
                <span class="token keyword">new</span> <span class="token class-name">ClassPathResource</span><span class="token punctuation">(</span><span class="token string">&quot;yh-cloud.jks&quot;</span><span class="token punctuation">)</span><span class="token punctuation">,</span> <span class="token string">&quot;yh-admin&quot;</span><span class="token punctuation">.</span><span class="token function">toCharArray</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
        <span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token class-name">JwtAccessTokenConverter</span> converter <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">JwtAccessTokenConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        converter<span class="token punctuation">.</span><span class="token function">setKeyPair</span><span class="token punctuation">(</span>keyStoreKeyFactory<span class="token punctuation">.</span><span class="token function">getKeyPair</span><span class="token punctuation">(</span><span class="token string">&quot;yh-jwt&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;yh-user&quot;</span><span class="token punctuation">.</span><span class="token function">toCharArray</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token keyword">return</span> converter<span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br></div></div></li> <li><p>授权接口配置</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">AuthorizationServerEndpointsConfigurer</span> endpoints<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        endpoints<span class="token punctuation">.</span><span class="token function">authenticationManager</span><span class="token punctuation">(</span>authenticationManager<span class="token punctuation">)</span><span class="token punctuation">;</span>
        endpoints<span class="token punctuation">.</span><span class="token function">userDetailsService</span><span class="token punctuation">(</span>userDetailsService<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">// 配置令牌转化器</span>
        endpoints<span class="token punctuation">.</span><span class="token function">accessTokenConverter</span><span class="token punctuation">(</span>jwtAccessTokenConverter<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br></div></div></li></ul> <blockquote><p>这里JWT形式的Token在【授权中心】是存储在内存中的，实际可以不存储，参考<a href="/blog/views/spring/#JwtTokenStore">JwtTokenStore</a></p></blockquote> <blockquote><p>注意JwtAccessTokenConverter也是一种TokenEnhancer的实现。所以添加多个增强器的话，这样配置</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>   <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">AuthorizationServerEndpointsConfigurer</span> endpoints<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        endpoints<span class="token punctuation">.</span><span class="token function">authenticationManager</span><span class="token punctuation">(</span>authenticationManager<span class="token punctuation">)</span><span class="token punctuation">;</span>
        endpoints<span class="token punctuation">.</span><span class="token function">userDetailsService</span><span class="token punctuation">(</span>userDetailsService<span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token comment">// 多个增强器</span>
        <span class="token class-name">TokenEnhancerChain</span> enhancerChain <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">TokenEnhancerChain</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token class-name">List</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">TokenEnhancer</span><span class="token punctuation">&gt;</span></span> enhancerList <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">ArrayList</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token punctuation">&gt;</span></span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        enhancerList<span class="token punctuation">.</span><span class="token function">add</span><span class="token punctuation">(</span>jwtAccessTokenConverter<span class="token punctuation">)</span><span class="token punctuation">;</span>
        enhancerList<span class="token punctuation">.</span><span class="token function">add</span><span class="token punctuation">(</span>tokenEnhancer<span class="token punctuation">)</span><span class="token punctuation">;</span>
        enhancerChain<span class="token punctuation">.</span><span class="token function">setTokenEnhancers</span><span class="token punctuation">(</span>enhancerList<span class="token punctuation">)</span><span class="token punctuation">;</span>
        endpoints<span class="token punctuation">.</span><span class="token function">tokenEnhancer</span><span class="token punctuation">(</span>enhancerChain<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br></div></div></blockquote> <h2 id="令牌存储优化"><a href="#令牌存储优化" class="header-anchor">#</a> 令牌存储优化</h2> <p>主要通过接口<code>TokenStore</code>实现，默认实现类是<code>InMemoryTokenStore</code>，即存储在内存中。</p> <p>上面的例子都是默认内存存储，【资源服务】的验证需要远程请求去【授权中心】的<code>TokenStore</code>验证。</p> <blockquote><p>只要保证<strong>创建的token和验证的token来自同个TokenStore</strong>，就没问题！</p></blockquote> <p>依赖包中默认提供了几种实现类</p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/pic/20210202181042.png" alt=""></p> <h3 id="jwttokenstore"><a href="#jwttokenstore" class="header-anchor">#</a> JwtTokenStore</h3> <blockquote><p>查看源码会发现其实没有存储token，因为JWT是无状态的！只要能解密不过期就是有效的！</p></blockquote> <div class="language-java line-numbers-mode"><pre class="language-java"><code>    <span class="token annotation punctuation">@Bean</span>
    <span class="token keyword">public</span> <span class="token class-name">TokenStore</span> <span class="token function">jwtTokenStore</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token keyword">return</span> <span class="token keyword">new</span> <span class="token class-name">JwtTokenStore</span><span class="token punctuation">(</span><span class="token function">jwtAccessTokenConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br></div></div><div class="language-java line-numbers-mode"><pre class="language-java"><code>    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">AuthorizationServerEndpointsConfigurer</span> endpoints<span class="token punctuation">)</span> <span class="token punctuation">{</span>
		<span class="token comment">// 设置token存储方式</span>
        endpoints<span class="token punctuation">.</span><span class="token function">tokenStore</span><span class="token punctuation">(</span>jwtTokenStore<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">// 其他配置不显示了，参考上面配置</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br></div></div><h3 id="jdbctokenstore"><a href="#jdbctokenstore" class="header-anchor">#</a> JdbcTokenStore</h3> <div class="language-java line-numbers-mode"><pre class="language-java"><code><span class="token annotation punctuation">@ConditionalOnProperty</span><span class="token punctuation">(</span>prefix <span class="token operator">=</span> <span class="token string">&quot;yh.oauth2.token&quot;</span><span class="token punctuation">,</span> name <span class="token operator">=</span> <span class="token string">&quot;store&quot;</span><span class="token punctuation">,</span> havingValue <span class="token operator">=</span> <span class="token string">&quot;db&quot;</span><span class="token punctuation">)</span>
<span class="token keyword">public</span> <span class="token keyword">class</span> <span class="token class-name">MyJdbcTokenStore</span> <span class="token punctuation">{</span>
    <span class="token annotation punctuation">@Autowired</span>
    <span class="token keyword">private</span> <span class="token class-name">DataSource</span> dataSource<span class="token punctuation">;</span>

    <span class="token annotation punctuation">@Bean</span>
    <span class="token keyword">public</span> <span class="token class-name">TokenStore</span> <span class="token function">tokenStore</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">{</span>
        <span class="token keyword">return</span> <span class="token keyword">new</span> <span class="token class-name">JdbcTokenStore</span><span class="token punctuation">(</span>dataSource<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br></div></div><p>后续再补充</p> <h3 id="redistokenstore"><a href="#redistokenstore" class="header-anchor">#</a> RedisTokenStore</h3> <p>后续再补充</p> <h2 id="授权码存储优化"><a href="#授权码存储优化" class="header-anchor">#</a> 授权码存储优化</h2> <p>仅限于授权模式。生成的授权码存储接口<code>AuthorizationCodeServices</code></p> <ul><li>默认实现：<strong>InMemoryAuthorizationCodeServices</strong>，只要请求获取token成功才删除内存中的随机码。</li> <li>数据库：JdbcAuthorizationCodeServices</li> <li>扩展如<strong>Redis实现方式，设置随机码的有效期</strong>，继承抽象类<code>RandomValueAuthorizationCodeServices</code></li></ul> <h2 id="授权方式优化"><a href="#授权方式优化" class="header-anchor">#</a> 授权方式优化</h2> <p>除了自定义的5种授权模式外，系统中可能需要扩展其他方式，比如验证码、手机号、第三方微信等等</p> <ul><li><p>客户端配置</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">AuthorizationServerEndpointsConfigurer</span> endpoints<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token comment">// 要保证创建的token和验证的token来自同个TokenStore</span>
        endpoints<span class="token punctuation">.</span><span class="token function">tokenStore</span><span class="token punctuation">(</span>tokenStore<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">// 支持 password模式</span>
        endpoints<span class="token punctuation">.</span><span class="token function">authenticationManager</span><span class="token punctuation">(</span>authenticationManager<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">// 自定义授权模式（5+N）</span>
        endpoints<span class="token punctuation">.</span><span class="token function">tokenGranter</span><span class="token punctuation">(</span>tokenGranter<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">// 授权码模式，默认内存存储，保证创建和验证来自同个Store</span>
        endpoints<span class="token punctuation">.</span><span class="token function">authorizationCodeServices</span><span class="token punctuation">(</span>authorizationCodeServices<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br></div></div></li> <li><p>自定义配置，通过<code>@Import</code>引入客户端配置文件中</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code><span class="token comment">/**
 * 扩展授权模式（5种）配置
 * 参考源码 {@link AuthorizationServerEndpointsConfigurer}
 *
 * @author yanghan
 * @date 2021/6/16
 */</span>
<span class="token keyword">public</span> <span class="token keyword">class</span> <span class="token class-name">TokenGrantConfig</span> <span class="token punctuation">{</span>
    <span class="token annotation punctuation">@Autowired</span>
    <span class="token keyword">private</span> <span class="token class-name">ClientDetailsService</span> clientDetailsService<span class="token punctuation">;</span>
    <span class="token annotation punctuation">@Autowired</span>
    <span class="token keyword">private</span> <span class="token class-name">UserDetailsService</span> userDetailsService<span class="token punctuation">;</span>
    <span class="token annotation punctuation">@Autowired</span>
    <span class="token keyword">private</span> <span class="token class-name">AuthenticationManager</span> authenticationManager<span class="token punctuation">;</span>
    <span class="token annotation punctuation">@Autowired</span>
    <span class="token keyword">private</span> <span class="token class-name">TokenStore</span> tokenStore<span class="token punctuation">;</span>
    <span class="token annotation punctuation">@Autowired</span>
    <span class="token keyword">private</span> <span class="token class-name">JwtAccessTokenConverter</span> jwtAccessTokenConverter<span class="token punctuation">;</span>
    <span class="token annotation punctuation">@Autowired</span>
    <span class="token keyword">private</span> <span class="token class-name">TokenEnhancer</span> jwtTokenEnhancer<span class="token punctuation">;</span>
    <span class="token keyword">private</span> <span class="token class-name">AuthorizationCodeServices</span> authorizationCodeServices<span class="token punctuation">;</span>
    <span class="token keyword">private</span> <span class="token keyword">static</span> <span class="token keyword">final</span> <span class="token keyword">boolean</span> REUSE_REFRESH_TOKEN <span class="token operator">=</span> <span class="token boolean">true</span><span class="token punctuation">;</span>
    <span class="token keyword">private</span> <span class="token class-name">AuthorizationServerTokenServices</span> tokenServices<span class="token punctuation">;</span>
    
    <span class="token comment">/**
     * 自定义令牌授权器，扩展授权模式
     *
     * @return
     */</span>
    <span class="token annotation punctuation">@Bean</span>
    <span class="token keyword">public</span> <span class="token class-name">TokenGranter</span> <span class="token function">tokenGranter</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token keyword">return</span> <span class="token keyword">new</span> <span class="token class-name">TokenGranter</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
            <span class="token keyword">private</span> <span class="token class-name">CompositeTokenGranter</span> delegate<span class="token punctuation">;</span>

            <span class="token annotation punctuation">@Override</span>
            <span class="token keyword">public</span> <span class="token class-name">OAuth2AccessToken</span> <span class="token function">grant</span><span class="token punctuation">(</span><span class="token class-name">String</span> grantType<span class="token punctuation">,</span> <span class="token class-name">TokenRequest</span> tokenRequest<span class="token punctuation">)</span> <span class="token punctuation">{</span>
                <span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token keyword">this</span><span class="token punctuation">.</span>delegate <span class="token operator">==</span> <span class="token keyword">null</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
                    <span class="token keyword">this</span><span class="token punctuation">.</span>delegate <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">CompositeTokenGranter</span><span class="token punctuation">(</span><span class="token function">getDefaultTokenGranters</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
                <span class="token punctuation">}</span>
                <span class="token keyword">return</span> <span class="token keyword">this</span><span class="token punctuation">.</span>delegate<span class="token punctuation">.</span><span class="token function">grant</span><span class="token punctuation">(</span>grantType<span class="token punctuation">,</span> tokenRequest<span class="token punctuation">)</span><span class="token punctuation">;</span>
            <span class="token punctuation">}</span>
        <span class="token punctuation">}</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>

    <span class="token comment">/**
     * 源码方法，扩展授权模式
     *
     * @return
     */</span>
    <span class="token keyword">private</span> <span class="token class-name">List</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">TokenGranter</span><span class="token punctuation">&gt;</span></span> <span class="token function">getDefaultTokenGranters</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token class-name">ClientDetailsService</span> clientDetails <span class="token operator">=</span> clientDetailsService<span class="token punctuation">;</span>
        <span class="token class-name">AuthorizationServerTokenServices</span> tokenServices <span class="token operator">=</span> <span class="token keyword">this</span><span class="token punctuation">.</span><span class="token function">tokenServices</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token class-name">AuthorizationCodeServices</span> authorizationCodeServices <span class="token operator">=</span> <span class="token keyword">this</span><span class="token punctuation">.</span><span class="token function">authorizationCodeServices</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token class-name">OAuth2RequestFactory</span> requestFactory <span class="token operator">=</span> <span class="token keyword">this</span><span class="token punctuation">.</span><span class="token function">requestFactory</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token class-name">List</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">TokenGranter</span><span class="token punctuation">&gt;</span></span> tokenGranters <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">ArrayList</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token punctuation">&gt;</span></span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">// 授权码模式 authorization_code</span>
        tokenGranters<span class="token punctuation">.</span><span class="token function">add</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">AuthorizationCodeTokenGranter</span><span class="token punctuation">(</span>tokenServices<span class="token punctuation">,</span> authorizationCodeServices<span class="token punctuation">,</span> clientDetails<span class="token punctuation">,</span> requestFactory<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">// 刷新令牌模式 refresh_token</span>
        tokenGranters<span class="token punctuation">.</span><span class="token function">add</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">RefreshTokenGranter</span><span class="token punctuation">(</span>tokenServices<span class="token punctuation">,</span> clientDetails<span class="token punctuation">,</span> requestFactory<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">// 隐式模式 implicit</span>
        tokenGranters<span class="token punctuation">.</span><span class="token function">add</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">ImplicitTokenGranter</span><span class="token punctuation">(</span>tokenServices<span class="token punctuation">,</span> clientDetails<span class="token punctuation">,</span> requestFactory<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">// 客户端模式 client_credentials</span>
        tokenGranters<span class="token punctuation">.</span><span class="token function">add</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">ClientCredentialsTokenGranter</span><span class="token punctuation">(</span>tokenServices<span class="token punctuation">,</span> clientDetails<span class="token punctuation">,</span> requestFactory<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token keyword">this</span><span class="token punctuation">.</span>authenticationManager <span class="token operator">!=</span> <span class="token keyword">null</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
            <span class="token comment">// 用户密码模式 password</span>
            tokenGranters<span class="token punctuation">.</span><span class="token function">add</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">ResourceOwnerPasswordTokenGranter</span><span class="token punctuation">(</span><span class="token keyword">this</span><span class="token punctuation">.</span>authenticationManager<span class="token punctuation">,</span> tokenServices<span class="token punctuation">,</span> clientDetails<span class="token punctuation">,</span> requestFactory<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token punctuation">}</span>
        <span class="token comment">// todo： 扩展补充其他授权码方法，比如验证码、手机号、第三方应用等等</span>
        <span class="token keyword">return</span> tokenGranters<span class="token punctuation">;</span>
    <span class="token punctuation">}</span>

    <span class="token comment">/**
     * 源码方法
     * 授权码生成接口，后期可以扩展
     *
     * @return
     */</span>
    <span class="token annotation punctuation">@Bean</span>
    <span class="token keyword">public</span> <span class="token class-name">AuthorizationCodeServices</span> <span class="token function">authorizationCodeServices</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token keyword">this</span><span class="token punctuation">.</span>authorizationCodeServices <span class="token operator">==</span> <span class="token keyword">null</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
            <span class="token keyword">this</span><span class="token punctuation">.</span>authorizationCodeServices <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">InMemoryAuthorizationCodeServices</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token punctuation">}</span>
        <span class="token keyword">return</span> <span class="token keyword">this</span><span class="token punctuation">.</span>authorizationCodeServices<span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
    
    <span class="token keyword">private</span> <span class="token class-name">OAuth2RequestFactory</span> <span class="token function">requestFactory</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token comment">// 源码方法，参考源码复制，或自己优化</span>
        <span class="token comment">// ...</span>
    <span class="token punctuation">}</span>
    
    <span class="token keyword">private</span> <span class="token class-name">AuthorizationServerTokenServices</span> <span class="token function">tokenServices</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token comment">// 源码方法，参考源码复制，或自己优化</span>
        <span class="token comment">// ...</span>
    <span class="token punctuation">}</span>

    <span class="token keyword">private</span> <span class="token class-name">DefaultTokenServices</span> <span class="token function">createDefaultTokenServices</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token comment">// 源码方法，参考源码复制，或自己优化</span>
        <span class="token comment">// ...</span>
    <span class="token punctuation">}</span>
    
    <span class="token keyword">private</span> <span class="token class-name">TokenEnhancer</span> <span class="token function">tokenEnhancer</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token comment">// 源码方法，修改为jwtToken增强器</span>
        <span class="token class-name">TokenEnhancerChain</span> enhancerChain <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">TokenEnhancerChain</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token class-name">List</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">TokenEnhancer</span><span class="token punctuation">&gt;</span></span> enhancerList <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">ArrayList</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token punctuation">&gt;</span></span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        enhancerList<span class="token punctuation">.</span><span class="token function">add</span><span class="token punctuation">(</span>jwtTokenEnhancer<span class="token punctuation">)</span><span class="token punctuation">;</span>
        enhancerList<span class="token punctuation">.</span><span class="token function">add</span><span class="token punctuation">(</span>jwtAccessTokenConverter<span class="token punctuation">)</span><span class="token punctuation">;</span>
        enhancerChain<span class="token punctuation">.</span><span class="token function">setTokenEnhancers</span><span class="token punctuation">(</span>enhancerList<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token keyword">return</span> enhancerChain<span class="token punctuation">;</span>
    <span class="token punctuation">}</span>

    <span class="token keyword">private</span> <span class="token keyword">void</span> <span class="token function">addUserDetailsService</span><span class="token punctuation">(</span><span class="token class-name">DefaultTokenServices</span> tokenServices<span class="token punctuation">,</span> <span class="token class-name">UserDetailsService</span> userDetailsService<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token comment">// 源码方法，参考源码复制，或自己优化</span>
        <span class="token comment">// ...</span>
    <span class="token punctuation">}</span>
<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br><span class="line-number">21</span><br><span class="line-number">22</span><br><span class="line-number">23</span><br><span class="line-number">24</span><br><span class="line-number">25</span><br><span class="line-number">26</span><br><span class="line-number">27</span><br><span class="line-number">28</span><br><span class="line-number">29</span><br><span class="line-number">30</span><br><span class="line-number">31</span><br><span class="line-number">32</span><br><span class="line-number">33</span><br><span class="line-number">34</span><br><span class="line-number">35</span><br><span class="line-number">36</span><br><span class="line-number">37</span><br><span class="line-number">38</span><br><span class="line-number">39</span><br><span class="line-number">40</span><br><span class="line-number">41</span><br><span class="line-number">42</span><br><span class="line-number">43</span><br><span class="line-number">44</span><br><span class="line-number">45</span><br><span class="line-number">46</span><br><span class="line-number">47</span><br><span class="line-number">48</span><br><span class="line-number">49</span><br><span class="line-number">50</span><br><span class="line-number">51</span><br><span class="line-number">52</span><br><span class="line-number">53</span><br><span class="line-number">54</span><br><span class="line-number">55</span><br><span class="line-number">56</span><br><span class="line-number">57</span><br><span class="line-number">58</span><br><span class="line-number">59</span><br><span class="line-number">60</span><br><span class="line-number">61</span><br><span class="line-number">62</span><br><span class="line-number">63</span><br><span class="line-number">64</span><br><span class="line-number">65</span><br><span class="line-number">66</span><br><span class="line-number">67</span><br><span class="line-number">68</span><br><span class="line-number">69</span><br><span class="line-number">70</span><br><span class="line-number">71</span><br><span class="line-number">72</span><br><span class="line-number">73</span><br><span class="line-number">74</span><br><span class="line-number">75</span><br><span class="line-number">76</span><br><span class="line-number">77</span><br><span class="line-number">78</span><br><span class="line-number">79</span><br><span class="line-number">80</span><br><span class="line-number">81</span><br><span class="line-number">82</span><br><span class="line-number">83</span><br><span class="line-number">84</span><br><span class="line-number">85</span><br><span class="line-number">86</span><br><span class="line-number">87</span><br><span class="line-number">88</span><br><span class="line-number">89</span><br><span class="line-number">90</span><br><span class="line-number">91</span><br><span class="line-number">92</span><br><span class="line-number">93</span><br><span class="line-number">94</span><br><span class="line-number">95</span><br><span class="line-number">96</span><br><span class="line-number">97</span><br><span class="line-number">98</span><br><span class="line-number">99</span><br><span class="line-number">100</span><br><span class="line-number">101</span><br><span class="line-number">102</span><br><span class="line-number">103</span><br><span class="line-number">104</span><br><span class="line-number">105</span><br><span class="line-number">106</span><br><span class="line-number">107</span><br><span class="line-number">108</span><br><span class="line-number">109</span><br><span class="line-number">110</span><br><span class="line-number">111</span><br><span class="line-number">112</span><br><span class="line-number">113</span><br><span class="line-number">114</span><br><span class="line-number">115</span><br></div></div></li></ul> <h2 id="源码分析"><a href="#源码分析" class="header-anchor">#</a> 源码分析</h2> <h3 id="tokenendpoint"><a href="#tokenendpoint" class="header-anchor">#</a> TokenEndpoint</h3> <ul><li><p>自动配置类<code>AuthorizationServerEndpointsConfiguration</code>中，默认加载方法如下</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code><span class="token annotation punctuation">@Bean</span>
<span class="token keyword">public</span> <span class="token class-name">TokenEndpoint</span> <span class="token function">tokenEndpoint</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
    <span class="token comment">// 默认构造函数，初始化的是POST请求</span>
    <span class="token class-name">TokenEndpoint</span> tokenEndpoint <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">TokenEndpoint</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    tokenEndpoint<span class="token punctuation">.</span><span class="token function">setClientDetailsService</span><span class="token punctuation">(</span><span class="token keyword">this</span><span class="token punctuation">.</span>clientDetailsService<span class="token punctuation">)</span><span class="token punctuation">;</span>
    tokenEndpoint<span class="token punctuation">.</span><span class="token function">setProviderExceptionHandler</span><span class="token punctuation">(</span><span class="token keyword">this</span><span class="token punctuation">.</span><span class="token function">exceptionTranslator</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token comment">// 授权模式，根据配置的接口获取，调用的就是安全配置中设置的对象</span>
    tokenEndpoint<span class="token punctuation">.</span><span class="token function">setTokenGranter</span><span class="token punctuation">(</span><span class="token keyword">this</span><span class="token punctuation">.</span><span class="token function">tokenGranter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    tokenEndpoint<span class="token punctuation">.</span><span class="token function">setOAuth2RequestFactory</span><span class="token punctuation">(</span><span class="token keyword">this</span><span class="token punctuation">.</span><span class="token function">oauth2RequestFactory</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    tokenEndpoint<span class="token punctuation">.</span><span class="token function">setOAuth2RequestValidator</span><span class="token punctuation">(</span><span class="token keyword">this</span><span class="token punctuation">.</span><span class="token function">oauth2RequestValidator</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    tokenEndpoint<span class="token punctuation">.</span><span class="token function">setAllowedRequestMethods</span><span class="token punctuation">(</span><span class="token keyword">this</span><span class="token punctuation">.</span><span class="token function">allowedTokenEndpointRequestMethods</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token keyword">return</span> tokenEndpoint<span class="token punctuation">;</span>
<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br></div></div></li> <li><p><strong>TokenEndpoint</strong>类源码，POST请求接口大致如下</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>    <span class="token annotation punctuation">@RequestMapping</span><span class="token punctuation">(</span>
            value <span class="token operator">=</span> <span class="token punctuation">{</span><span class="token string">&quot;/oauth/token&quot;</span><span class="token punctuation">}</span><span class="token punctuation">,</span>
            method <span class="token operator">=</span> <span class="token punctuation">{</span><span class="token class-name">RequestMethod</span><span class="token punctuation">.</span>POST<span class="token punctuation">}</span>
    <span class="token punctuation">)</span>
    <span class="token keyword">public</span> <span class="token class-name">ResponseEntity</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">OAuth2AccessToken</span><span class="token punctuation">&gt;</span></span> <span class="token function">postAccessToken</span><span class="token punctuation">(</span><span class="token class-name">Principal</span> principal<span class="token punctuation">,</span> <span class="token annotation punctuation">@RequestParam</span> <span class="token class-name">Map</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">String</span><span class="token punctuation">,</span> <span class="token class-name">String</span><span class="token punctuation">&gt;</span></span> parameters<span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">HttpRequestMethodNotSupportedException</span> <span class="token punctuation">{</span>
        <span class="token comment">// 判断认证对象Principal，这里已经通过security过滤器链的认证</span>
        <span class="token comment">//....</span>

        <span class="token comment">// 验证客户端密钥</span>
        <span class="token class-name">String</span> clientId <span class="token operator">=</span> <span class="token keyword">this</span><span class="token punctuation">.</span><span class="token function">getClientId</span><span class="token punctuation">(</span>principal<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token class-name">ClientDetails</span> authenticatedClient <span class="token operator">=</span> <span class="token keyword">this</span><span class="token punctuation">.</span><span class="token function">getClientDetailsService</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">loadClientByClientId</span><span class="token punctuation">(</span>clientId<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">//....</span>

        <span class="token comment">// 验证Scope</span>
        <span class="token keyword">this</span><span class="token punctuation">.</span>oAuth2RequestValidator<span class="token punctuation">.</span><span class="token function">validateScope</span><span class="token punctuation">(</span>tokenRequest<span class="token punctuation">,</span> authenticatedClient<span class="token punctuation">)</span><span class="token punctuation">;</span>

        <span class="token comment">// 重点，由TokenGranter接口获取token</span>
        <span class="token class-name">OAuth2AccessToken</span> token <span class="token operator">=</span> <span class="token keyword">this</span><span class="token punctuation">.</span><span class="token function">getTokenGranter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">grant</span><span class="token punctuation">(</span>tokenRequest<span class="token punctuation">.</span><span class="token function">getGrantType</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span> tokenRequest<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">//  ....</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br></div></div></li> <li><p>授权接口<strong>TokenGranter</strong>，根据授权码<strong>grant_type</strong>方式授权</p> <ul><li><p>默认的5种授权模式</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>AuthorizationCodeTokenGranter, （authorization_code）
ClientCredentialsTokenGranter, （client_credentials）
ImplicitTokenGranter, （implicit）
RefreshTokenGranter,（refresh_token）
ResourceOwnerPasswordTokenGranter，（password）
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br></div></div></li> <li><p>源码，抽象类</p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/pic/20210202153617.png" alt=""></p></li></ul></li> <li><p>令牌接口<strong>AuthorizationServerTokenServices</strong></p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/pic/20210202165904.png" alt=""></p> <p>默认实现类<strong>DefaultTokenServices</strong>，通过内部属性接口<strong>TokenStore</strong>操作，大部分主要方法如下</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code><span class="token comment">// 读取token</span>
<span class="token keyword">this</span><span class="token punctuation">.</span>tokenStore<span class="token punctuation">.</span><span class="token function">getAccessToken</span><span class="token punctuation">(</span>authentication<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token comment">// 存储token</span>
<span class="token keyword">this</span><span class="token punctuation">.</span>tokenStore<span class="token punctuation">.</span><span class="token function">storeAccessToken</span><span class="token punctuation">(</span>accessToken<span class="token punctuation">,</span> authentication<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token comment">// 删除token</span>
<span class="token keyword">this</span><span class="token punctuation">.</span>tokenStore<span class="token punctuation">.</span><span class="token function">removeAccessToken</span><span class="token punctuation">(</span>existingAccessToken<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token comment">// 存储refresh_token</span>
<span class="token keyword">this</span><span class="token punctuation">.</span>tokenStore<span class="token punctuation">.</span><span class="token function">storeRefreshToken</span><span class="token punctuation">(</span>refreshToken<span class="token punctuation">,</span> authentication<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token comment">// 读取refresh_token</span>
<span class="token keyword">this</span><span class="token punctuation">.</span>tokenStore<span class="token punctuation">.</span><span class="token function">readRefreshToken</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br></div></div><p>最后的创建，判断是否要用令牌增强器<strong>TokenEnhancer</strong>补充其他扩展信息</p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/pic/20210202172855.png" alt=""></p></li> <li><p>因此自定义配置参考如下，优先级往下</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code><span class="token annotation punctuation">@Override</span>
<span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">AuthorizationServerEndpointsConfigurer</span> endpoints<span class="token punctuation">)</span> <span class="token punctuation">{</span>
    <span class="token comment">// 自定义TokenGranter接口，适合扩展授权方式</span>
    endpoints<span class="token punctuation">.</span><span class="token function">tokenGranter</span><span class="token punctuation">(</span>xx<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token comment">// 配置TokenService接口，适合重写令牌创建方法</span>
    endpoints<span class="token punctuation">.</span><span class="token function">tokenServices</span><span class="token punctuation">(</span>xx<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token comment">// 配置TokenStore接口， 适合扩展令牌的存储方式</span>
    endpoints<span class="token punctuation">.</span><span class="token function">tokenStore</span><span class="token punctuation">(</span>xx<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token comment">// 配置TokenEnhance接口，适合扩展令牌信息</span>
    endpoints<span class="token punctuation">.</span><span class="token function">tokenEnhancer</span><span class="token punctuation">(</span>xx<span class="token punctuation">)</span>
<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br></div></div></li></ul></div> <footer class="page-edit" style="display:none;"><!----> <div class="last-updated"><span class="prefix">Last Updated: </span> <span class="time">2022/5/27 上午11:15:53</span></div></footer> <!----> <!----></main> <!----></div></div></div></div><div class="global-ui"><div class="back-to-ceiling" style="right:1rem;bottom:6rem;width:2.5rem;height:2.5rem;border-radius:.25rem;line-height:2.5rem;display:none;" data-v-c6073ba8 data-v-c6073ba8><svg t="1574745035067" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="5404" class="icon" data-v-c6073ba8><path d="M526.60727968 10.90185116a27.675 27.675 0 0 0-29.21455937 0c-131.36607665 82.28402758-218.69155461 228.01873535-218.69155402 394.07834331a462.20625001 462.20625001 0 0 0 5.36959153 69.94390903c1.00431239 6.55289093-0.34802892 13.13561351-3.76865779 18.80351572-32.63518765 54.11355614-51.75690182 118.55860487-51.7569018 187.94566865a371.06718723 371.06718723 0 0 0 11.50484808 91.98906777c6.53300375 25.50556257 41.68394495 28.14064038 52.69160883 4.22606766 17.37162448-37.73630017 42.14135425-72.50938081 72.80769204-103.21549295 2.18761121 3.04276886 4.15646224 6.24463696 6.40373557 9.22774369a1871.4375 1871.4375 0 0 0 140.04691725 5.34970492 1866.36093723 1866.36093723 0 0 0 140.04691723-5.34970492c2.24727335-2.98310674 4.21612437-6.18497483 6.3937923-9.2178004 30.66633723 30.70611158 55.4360664 65.4791928 72.80769147 103.21549355 11.00766384 23.91457269 46.15860503 21.27949489 52.69160879-4.22606768a371.15156223 371.15156223 0 0 0 11.514792-91.99901164c0-69.36717486-19.13165746-133.82216804-51.75690182-187.92578088-3.42062944-5.66790279-4.76302748-12.26056868-3.76865837-18.80351632a462.20625001 462.20625001 0 0 0 5.36959269-69.943909c-0.00994388-166.08943902-87.32547796-311.81420293-218.6915546-394.09823051zM605.93803103 357.87693858a93.93749974 93.93749974 0 1 1-187.89594924 6.1e-7 93.93749974 93.93749974 0 0 1 187.89594924-6.1e-7z" p-id="5405" data-v-c6073ba8></path><path d="M429.50777625 765.63860547C429.50777625 803.39355007 466.44236686 1000.39046097 512.00932183 1000.39046097c45.56695499 0 82.4922232-197.00623328 82.5015456-234.7518555 0-37.75494459-36.9345906-68.35043303-82.4922232-68.34111062-45.57627738-0.00932239-82.52019037 30.59548842-82.51086798 68.34111062z" p-id="5406" data-v-c6073ba8></path></svg></div></div></div>
    <script src="/blog/assets/js/app.0c46c7d8.js" defer></script><script src="/blog/assets/js/3.5679fe00.js" defer></script><script src="/blog/assets/js/1.8cdd2163.js" defer></script><script src="/blog/assets/js/74.ddd90b9a.js" defer></script>
  </body>
</html>
